My actual desktop has been hijacked


1 reply to this topic

#1 SLUGFly

New Member, 2 posts

Posted 17 July 2004 - 11:57 AM

I've had hijackers before and various other common dirty programs, but now I have a desktop image that is kind of like a webpage existing beneath my icons. It says "warning you're in danger" and then goes on to explain the typical sales pitch that my computer is infected and my privacy is compromised blah blah blah. There's no company or program name on it, but it has links like a web page. Also, I change my desktop image but it makes no difference (and the image I chose remains the image chosen in Control Panel).

Here is my weblog.

Logfile of HijackThis v1.97.7
Scan saved at 오전 1:51:46, on 2004-07-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Weatherscope\Weatherscope.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Ahnlab\V3\MonSysNT.exe
C:\PROGRA~1\Ahnlab\V3\V3P3AT.exe
C:\PROGRA~1\Ahnlab\V3\V3IMPro.exe
C:\WINDOWS\system32\tcp.exe
C:\Program Files\VPower\PCZiggy\FreeChal\PZRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\conime.exe
D:\will stuff\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\PROGRA~1\Ahnlab\V3\V3Bar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.111-big.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-big.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\PROGRA~1\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsystem] C:\WINDOWS\system32\winsystem.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [PZLinkCheck] C:\Program Files\VPower\PCZiggy\FreeChal\PZLinkCheck.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://dizzo.content...le/MyLinker.cab
O16 - DPF: {0DF22B4E-B443-40D6-893E-CED239DFC83F} (FcMailAttachCtrl.MailDropBox) - http://home.freechal...cMailAttach.CAB
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250...::/winpromo.exe
O16 - DPF: {15A0BCA7-0557-4BAC-9B4C-7CE9172BB9CF} (MuzMakeIconCtrl Class) - http://image.muzcast...con/MuzIcon.cab
O16 - DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} (PZLaunch Control) - http://down01.freech...ine/PCZiggy.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1CF034F9-79AC-427B-9A51-9B909EC3CF85} (WebMSN_IEObj Class) - http://blogimgs.nave...omp_1_0_0_6.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal...mpasFilebox.cab
O16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) - http://smap.naver.co...cx/anyGuide.ocx
O16 - DPF: {5373CE59-8BB8-45DF-96FB-7DC2F668D674} (P3BugsCtrl Class) - http://player.bugs.c...smedia_0527.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {598E9A0F-2292-4FBD-A577-A44352839FE9} (bizresume control) - http://www.bizresume...r/bizresume.cab
O16 - DPF: {5AD24A59-4FF7-42D0-A7D0-20FD302CAC1F} (EmpasFileUpload Class) - http://empal.empas.c...sFileUpload.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.bccard.co...INIplugin40.cab
O16 - DPF: {73257F5A-A0E3-4904-A64E-CE6D892E404D} (Empas File Upload Control) - http://empal.empas.c...sFileUpload.cab
O16 - DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} (UniAuth Class) - http://login.unitel....ug/lmgr2108.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {80F80B6C-15DC-441A-B8C8-4A47473DA4F4} (howwriting control) - http://www.howwritin.../howwriting.cab
O16 - DPF: {829ACCA1-9665-4CFA-BFCB-20DDBB6096E2} (TelecOcx Control) - http://img.telec.co....le/TelecOcx.cab
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld....lubmain1_11.CAB
O16 - DPF: {92C72FAE-CA6F-4FC2-A800-934C9C4145F9} (V3D_MiddleWare Class) - http://img.telec.co...._MiddleWare.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7692.7577777778
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040708.cab
O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freech...ine/PCZiggy.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...nds/install.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis...INIwallet01.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D6C10324-2FD5-11D4-9B4D-00104B880ED4} (NamoWeCtl 1.0 (KPP)) - http://empal.empas.com/kr/namowe.cab
O16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) - http://wmpdownload.n.../KillRecord.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.c.../bugsLoader.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/UGO20.exe
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.hmall.com...NISafeWeb50.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} - http://login.freecha...on/FcOnCtl7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A950E2DE-BC0F-43FA-AEFB-0DE42237ABD9}: NameServer = 210.220.163.82 210.94.6.67

Thank you very much if anyone can help me out at all with this craziness. :)

EDIT: Something extra I just recalled. Whenever I click on a link in a website and then back up my browser, if I open a second window (or, while on that second window, click another link or close the window), then my first window (where I clicked and backed up) will go forward automatically to the page I had most recently backed up from. It's only a small annoyance but the strangeness of it worries me.

Edited by SLUGFly, 17 July 2004 - 12:21 PM.
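An added example, not part of this thread and not code from HijackThis itself: a small Python triage script that parses HijackThis entry lines like the ones in the log above and flags the kinds of entries a helper looks at first, namely orphaned "(no file)" references, O16 (Downloaded Program Files) entries whose URL uses a non-http scheme, a bare IP host or an .exe target, and O17 nameserver settings to be checked against the ISP's. The sample lines are a constructed subset copied from the posted log; the heuristics are general triage conventions, not a verdict on any one entry.

```python
import re
# Constructed sample: a subset of the HijackThis lines from the log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250...::/winpromo.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/UGO20.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A950E2DE-BC0F-43FA-AEFB-0DE42237ABD9}: NameServer = 210.220.163.82 210.94.6.67
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_entries(text):
    # Return (section, body) for every HijackThis entry line; skip headers and the process list.
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def triage_o16(body):
    # O16 = Downloaded Program Files (ActiveX). The URL is whatever follows the last " -".
    url = body.rpartition(" -")[2].strip()
    if not url:
        return ["no download URL recorded"]
    reasons = []
    scheme = url.split(":", 1)[0].lower()
    if scheme not in ("http", "https"):
        reasons.append(f"non-http scheme {scheme!r}")
    elif IPV4_RE.match(url.partition("://")[2].split("/", 1)[0]):
        reasons.append("control served from a bare IP address")
    if url.lower().endswith(".exe"):
        reasons.append("points at an .exe instead of a .cab/.ocx")
    return reasons

def triage(text):
    # Return [(section, body, reasons)] for entries that merit a second look.
    findings = []
    for section, body in parse_entries(text):
        reasons = ["orphaned entry: no file on disk"] if "(no file)" in body else []
        if section == "O16":
            reasons += triage_o16(body)
        elif section == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split()
            reasons.append("verify DNS servers with the ISP: " + ", ".join(servers))
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

Entries that pass every heuristic (here the QuickTime control) are simply not reported, so the output is the short list a human reviewer then verifies by hand.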


#2 bufordta

Full Member, 7 posts

Posted 17 July 2004 - 04:57 PM

Hey, I reposted to my topic following your reply. It sounds like we have the same problem. My desktop talks about the same stuff. If I get a response that works, I will let you know. Thanks for your help.
